Sat.Mar 18, 2023 - Fri.Mar 24, 2023

article thumbnail

Google Suspends Chinese App Following Malware Discovery

Data Breach Today

Google Discovered Malware In Pinduoduo’s Non-Play Store Versions Google suspended popular budget e-commerce application Pinduoduo from the Play Store after detecting malware on versions of the Chinese app downloadable from other online stores. Chinese security researchers say they found code inside Pinduoduo versions designed to monitor users.

Security 282
article thumbnail

GUEST ESSAY: Here’s why a big cybersecurity budget won’t necessarily keep your company safe

The Last Watchdog

The cybersecurity landscape is constantly changing. While it might seem like throwing more money into the IT fund or paying to hire cybersecurity professionals are good ideas, they might not pay off in the long run. Related : Security no longer just a ‘cost center’ Do large cybersecurity budgets always guarantee a company is safe from ongoing cybersecurity threats?

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Why You Should Opt Out of Sharing Data With Your Mobile Provider

Krebs on Security

A new breach involving data from nine million AT&T customers is a fresh reminder that your mobile provider likely collects and shares a great deal of information about where you go and what you do with your mobile device — unless and until you affirmatively opt out of this data collection. Here’s a primer on why you might want to do that, and how.

article thumbnail

Hackers Are Actively Exploiting Unpatched Adobe ColdFusion

Data Breach Today

Experts Urge Immediate Patching and Reviewing Servers for Signs of Compromise Hackers have been actively exploiting vulnerabilities in ColdFusion to remotely compromise servers, Adobe warns. Since at least early January, attackers have been dropping web shells via ColdFusion, but it's unclear if only now-known vulnerabilities are being exploited, security researchers say.

Security 274
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

ChatGPT Privacy Flaw

Schneier on Security

OpenAI has disabled ChatGPT’s privacy history, almost certainly because they had a security flaw where users were seeing each others’ histories.

Privacy 135

More Trending

article thumbnail

Tesla Model 3 Hacked in Less Than 2 Minutes at Pwn2Own Contest

Dark Reading

In two days, ethical researchers from 10 countries have unearthed more than 22 zero-day bugs in a wide range of technologies at the annual hacking contest.

145
145
article thumbnail

US Charges Bulgarian Woman in $4B OneCoin Fraud Case

Data Breach Today

Irina Dilkinska Allegedly Laundered $400M as Firm's Legal, Compliance Head A Bulgarian woman extradited to the United States for her role in a $4 billion crypto pyramid scheme adds to a growing list of law enforcement actions against perpetrators of the OneCoin Ponzi scheme. OneCoin generated $4 billion in fraudulent revenue and earned profits of close to $3 billion.

article thumbnail

Users Clicking on Multiple Mobile Phishing Links Increases 637% in Just Two Years

KnowBe4

New data shows that phishing mobile devices as an attack vector is growing in popularity – mostly because it’s increasingly working. in exponential terms.

Phishing 130
article thumbnail

FIRESIDE CHAT: U.S. banking regulators call out APIs as embodying an attack surface full of risk

The Last Watchdog

APIs have been a linchpin as far as accelerating digital transformation — but they’ve also exponentially expanded the attack surface of modern business networks. Related: Why ‘attack surface management’ has become crucial The resultant benefits-vs-risks gap has not surprisingly attracted the full attention of cyber criminals who now routinely leverage API weaknesses in all phases of sophisticated, multi-stage network attacks.

Risk 202
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

GitHub's Private RSA SSH Key Mistakenly Exposed in Public Repository

Dark Reading

GitHub hastens to replace its RSA SSH host key after an exposure mishap threatens users with man-in-the-middle attacks and organization impersonation.

IT 142
article thumbnail

How Russia's Ukraine War Disrupted the Cybercrime Ecosystem

Data Breach Today

War Upended Russian Brotherhood, Supply, Demand and Pricing, Says Intel Analyst Russia's invasion of Ukraine in 2022 threw Russia's cybercrime ecosystem into a state of upheaval that still exists to this day. "We identified disruptions to literally every single form of commodified cybercrime," said Alexander Leslie, associate threat intelligence analyst at Recorded Future.

249
249
article thumbnail

UK’s New Pro-innovation Approach to Regulating Digital Technologies

Data Matters

On 15 March 2023, the UK Government published, alongside its Spring Budget, a report on the Pro-innovation Regulation of Technologies Review (the “ Report ”). The Report was led by the government’s Chief Scientific Advisor and National Technology Officer, Sir Patrick Vallance, who was tasked with “bringing together the best minds to advise how the UK can better regulate emerging technologies, enabling their rapid and safe introduction.

article thumbnail

New Vendor Email Compromise Attack Seeks $36 Million

KnowBe4

The details in this thwarted VEC attack demonstrate how the use of just a few key details can both establish credibility and indicate the entire thing is a scam.

Security 123
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Zoom Zoom: 'Dark Power' Ransomware Extorts 10 Targets in Less Than a Month

Dark Reading

A new threat actor is racking up victims and showing unusual agility. Part of its success could spring from the use of the Nim programming language.

article thumbnail

US Officials Urged to Examine Chinese Risk to Electric Grid

Data Breach Today

Utility Vendors Have Cut Back on Buying Chinese Transformers Due to Security Risks Utility companies have increasingly refrained from purchasing large power transformers from China given greater awareness of the security risks. Lawmakers sparred with the Energy Department's cybersecurity leader over how much of the electric grid contains components manufactured in China.

Risk 233
article thumbnail

Exploding USB Sticks

Schneier on Security

In case you don’t have enough to worry about, people are hiding explosives —actual ones—in USB sticks: In the port city of Guayaquil, journalist Lenin Artieda of the Ecuavisa private TV station received an envelope containing a pen drive which exploded when he inserted it into a computer, his employer said. Artieda sustained slight injuries to one hand and his face, said police official Xavier Chango.

Military 116
article thumbnail

Identifying AI-Enabled Phishing

KnowBe4

Users need to adapt to an evolving threat landscape in which attackers can use AI tools like ChatGPT to craft extremely convincing phishing emails, according to Matthew Tyson at CSO.

Phishing 122
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Chinese Warships Suspected of Signal-Jamming Passenger Jets

Dark Reading

Attackers claiming to be part of the Chinese navy are making calls to commercial Qantas pilots midair, while GPS, comms systems, and altimeter instruments are all experiencing denial of service.

114
114
article thumbnail

Ransomware Will Target Transport Sector OT, Says ENISA

Data Breach Today

European Cybersecurity Agency Warns That Digital Extortion Is Coming for OT Europe's cybersecurity agency predicts hackers will take advantage of the growing overlap between information and operational technologies in the transport sector and disrupt OT processes in a targeted attack. Ransomware will become a tool wielded for political and financial motivations, says ENISA.

article thumbnail

FTC Announces Orders to Address Deceptive Advertising on Social Media and Video Streaming Platforms

Hunton Privacy

On March 16, 2023, the Federal Trade Commission announced it issued orders to eight social media and video streaming platforms seeking Special Reports on how the platforms review and monitor commercial advertising to detect, prevent and reduce deceptive advertisements, including those related to fraudulent healthcare products, financial scams and the sale of fake goods.

Sales 113
article thumbnail

Ransomware Data Theft Extortion Goes up 40% to 70% From ‘21 to ’22

KnowBe4

A report from Palo Alto Networks’ Unit 42 found that data theft extortion occurred in 70% of ransomware attacks in 2022, compared to 40% in 2021. The researchers examined the four most common methods of cyber extortion (encryption, data theft, harassment, and DDoS attacks) noting that threat actors often combine these tactics within a single attack campaign.

article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

TikTok Paid for Influencers to Attend the Pro-TikTok Rally in DC

WIRED Threat Level

The embattled social media company brought out the checkbook to ensure at least 30 of its biggest assets—creators—were in DC to help fend off critics.

IT 113
article thumbnail

How BreachForums' 'Pompompurin' Led the FBI to His Home

Data Breach Today

Police: Fitzpatrick Waived Right to Silence, Confessed to Starting & Running Forum The alleged administrator of criminal online forum BreachForums may have thought he took steps to hide his real identity, but instead he left a trail of digital breadcrumbs that led to his arrest and prosecution, shows information unsealed in federal court.

195
195
article thumbnail

Sophos XGS vs Fortinet FortiGate: Top NGFWs Compared

eSecurity Planet

Sophos and Fortinet both appear on our list of the top next-generation firewalls (NGFWs) , and while both offer very good security at their price points, they serve very different markets. What follows is a look at the key features and strengths and weaknesses of each solution. Which one is best for you will depend on your security and throughput needs – and budget.

Cloud 110
article thumbnail

When a USB Flash Drive is Actually a Bomb

KnowBe4

A journalist based in Ecuador recently used a USB flash drive that was actually a legitimate bomb.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Ferrari Hits a Roadblock as Cyber Criminals Hold it to Ransom

IT Governance

Ferrari is racing to contain the damage after it was targeted by cyber criminals this week. The supercar manufacturer said that its systems were compromised and that customer data has been stolen. In a breach notification letter sent to affected individuals, Ferrari noted that a limited number of IT systems were breached, and some customers’ names, addresses, email addresses and telephone numbers were exposed.

IT 110
article thumbnail

GitHub Replaces Private RSA SSH Key After Public Exposure

Data Breach Today

'Abundance of Caution' Cited for Move; No System Compromise or Data Breach Detected GitHub has replaced its private RSA SSH host key after discovering it was being inadvertently exposed to the public via a GitHub repository. Used to safeguard SSH access to Git operations, a bad actor could use the key to impersonate GitHub or eavesdrop. But GitHub reported no signs of abuse.

article thumbnail

10 Vulnerabilities Types to Focus On This Year

Dark Reading

A new Tech Insight report examines how the enterprise attack surface is expanding and how organizations must deal with vulnerabilities in emerging technologies.

110
110